Every business – small, medium, or large – is concerned today with data privacy, cyber crime, and even the increased threat of terrorism. If your business is subject to regulatory compliance standards or legislation, security involving internal employees, customers, and vendors receives even closer attention.
To ensure that you’re hiring employees who meet all your security and compliance requirements, you must have a screening process that identifies anything that could jeopardize your reputation or put the company and your other employees at risk. Several levels of screening may be appropriate for both your employees and vendors:
· Background screening
· FBI fingerprinting
· Criminal background checks
· Social media presence – this is gaining in importance for many businesses
Factors to Consider in Selecting Vendors
Screening your vendors is just as important as background checks for your employees.
When selecting and dealing with vendors or any service provider, you must have a clear understanding of multiple factors:
1. DO YOU KNOW WHO YOU’RE DEALING WITH?
With the ease of doing business over the internet, it can be difficult to know where a vendor is based. Without proper screening requirements in place, you could be dealing with a vendor based in a country sanctioned by the government.
2. ARE YOU RELYING ON THE VENDOR TO MANAGE DATA?
If you’re outsourcing databases, servers, or web applications to a third party, you need a clear understanding of several conditions:
· What kind of data is retained? Compliance regulations such as HIPAA and payment card industry (PCI) standards place accountability on your business. Be certain your data is retained and secured accordingly.
· What levels of security protect your data from other vendor clients or from the vendor’s employees?
· Is data encrypted and backed up on a regular basis?
All these issues can be addressed when conducting a thorough screening of the proposed vendor.
What Vendors Should You Be Screening?
Some vendors are more obvious than others when you consider screening requirements. Certainly, accountants, investment managers, and technical service providers are logical candidates for thorough screening, but there are many others that require the same attention:
· Janitors – they often have full access to your premises – even unsupervised
· Drivers – if you hire bus drivers, truck drivers, or executive drivers, you need assurance that they have also undergone screening
· Contingent or temporary workers
· Independent contractors – for technical teams or special projects
Without proper screening requirements in place for these resources, you could be opening your business to risks that could have been avoided.
What Is the Risk?
Companies that have not thoroughly screened vendors for compliance and security issues are vulnerable to multiple risks:
· Data loss due to technology mismanagement or theft.
· Penalties from non-compliance – these can be severe, depending on the level and type of violation. The U.S. State Department can levy penalties up to $1 million for a single violation, with possible prison time. HIPAA violations can result in penalties from $100 to $50k and could also include criminal charges and jail time.
· Damage to business reputation – this can be severe, with an associated loss of revenue and public confidence.
A policy of vendor screening mitigates these risks and offers considerable business protection.
When Is Vendor Screening Complete?
There’s a simple answer to that – your screening process is never done. Vendor conditions change, and regulations are continuously evolving. Your business needs a regular program of revisiting vendor compliance to ensure your screening remains appropriate.
Establish a periodic review to assure compliance and promote trust. Your vendor should welcome this commitment to your professional relationship.
Vendor screening should include formal documentation assuring that your vendors and all third-party providers maintain compliance with all applicable regulations that impact your business – and theirs:
· Audit reports that relate to security controls and procedures
· Proof of compliance with applicable regulations
· Financial statements to demonstrate financial stability
· Certifications for any legal requirements
Make Sure Vendors Meet Compliance Requirements Through a Professional Screening Service
Using an experienced, nationally accredited company to conduct your vendor screening allows you to quickly and confidently identify preferred vendors and weed out questionable candidates. Services available include:
· Criminal background checks
· On-site FBI fingerprinting
· Verification of immigration documents
· Background screening
Turn to ProVerify for secure, confidential vendor screening that assures security and compliance for your business.